GPlayed Trojan Masquerades as Google Play to Attack Android Devices
As per a blog post by researchers at Cisco Talos, the GPlayed Trojan's design and implementation are of "an uncommonly high level," making it a dangerous threat. They said that such threats will become more common, as more companies decide to publish their software directly to consumers. GPlayed is said to be a full-fledged Trojan with capabilities ranging from those of "a banking Trojan to a full spying Trojan." This essentially means that the malware can do anything from "harvest the user's banking credentials, to monitoring the device's location." This Trojan also shows a new path for threats to evolve. Having the ability to move code from desktops to mobile platforms without any effort.
According to the blog post, the malware is written in .NET using the Xamarin environment for mobile applications. The main DLL is called "Reznov.DLL." and it contains one root class called "eClient," which is the core of the Trojan. It added, "The imports reveal the use of a second DLL called 'eCommon.DLL.' We determined that the "eCommon" file contains support code and structures that are platform independent. The main DLL also contains eClient subclasses that implement some of the native capabilities."
The GPlayed Trojan is highly evolved in its design, says Vitor Ventura, the author of the blog post. It has modular architecture implemented in the form of plugins, or it can receive new .NET source code, which will be compiled on the device in runtime. The blog adds, "This means that the authors or the operators can add capabilities without the need to recompile and upgrade the Trojan package on the device."
To achieve adaptability, the operator has the capability to remotely load plugins, inject scripts, and compile new .NET code that can be executed. "Our analysis indicates that this Trojan is in its testing stage but given its potential, every mobile user should be aware of GPlayed. Mobile developers have recently begun eschewing traditional app stores and instead want to deliver their software directly through their own means. But GPlayed is an example of where this can go wrong, especially if a mobile user is not aware of how to distinguish a fake app versus a real one," Ventura adds.
The Cisco Talos blog provides a list of URLs, Hash Values, and Custom Activity Prefix as indicators of compromise. It has also provided a bunch of ways its products can be used to detect and block GPlayed-like attacks. Cyber attackers are said to be running tests on GPlayed but the Cisco researchers have warned that it is shaping up as a serious threat.
Ventura added, "The average user might not have the necessary skills to distinguish legitimate sites from malicious ones. We've seen that this has been the case for many years with spear-phishing campaigns on desktop and mobile platforms, so, unfortunately, it doesn't seem that this will change any time soon. And this just means attackers will continue to be successful."
Müəllif
Metbuat.az
Qaynar xətt
0552252950
Həmçinin oxu
Süni intellekt üçün internet “Bakcell”dən
en.ictnews.az
DİGƏR XƏBƏRLƏR
Daha çox »Top xəbərlər
Layihələr
Son xəbərlər
Polad Həşimovun şəhadətə ucalmasından altı il ötür
Bu gün
·
00:12
İnsanlara güvənməyən ən şübhəçil 5 bürc
Bu gün
·
00:12
Azərbaycanda nə qədər ev ipotekadadır?
Dünən
·
23:55
D-8 Media Mükəmməllik Mərkəzinin strategiyası təqdim olundu
Dünən
·
23:53
Ən uzunömürlü 5 balıq: 200 ildən çox yaşayırlar
Dünən
·
23:52
ABŞ Hörmüzdə keçidlərin təhlükəsizliyini təmin edəcək - Tramp
Dünən
·
23:49
10 Avropa ölkəsi Antiballistik Raket Koalisiyası qurdu
Dünən
·
23:15
Bu tarixi sizin qədər bilən ikinci bir şəxs çətin ki, tapılsın - Prezidentdən Mirşahinə
Dünən
·
22:53
"Real"da Vinisiusun aqibəti bəlli oldu
Dünən
·
22:35
Peter Pelleqrini Azərbaycana rəsmi səfərə gəldi
Dünən
·
22:03
Pambıqdan yüngül planet kəşf edildi
Dünən
·
21:49
Bizim daxili risklərimiz yoxdur, bütün təhdidlər sərhədlərimizdən kənarda yaranır - İlham Əliyev
Dünən
·
21:16
Ərəblərdən ulduz futbolçuya təklif
Dünən
·
21:10
Azərbaycanın bu şəhərində evlər kütləvi satışa çıxarılır
Dünən
·
20:56
“Qalatasaray”da Sançes böhranı: gedir?
Dünən
·
20:51